DeckerWright Corporation will be kicking off a series of articles documenting various types of Social Engineering attacks being undertaken by criminals to compromise your business and your personal finances. The widespread availability of the internet has allowed criminal groups from around the world to target any entity that may have money, data or resources of interest. What do you possess as a business that criminals want? An obvious prize is any cash you may have. Depending on your business, hackers can also target client information including names, addresses, credit card information, health insurance information, and security information. If you are a high-tech company, criminals may be trying to gain access to any intellectual property or proprietary processes you may have. For companies dependent on technology (everyone), criminals can assess the nature of your network, disable it, and demand a ransom. Ransomware is the most documented example of this type of exploit, but new exploits focused on the Internet of Things (IoT) are becoming more popular. Even your computing and network resources have a value in today’s dark web.
Who are the criminals? Some nation-states like North Korea and Iran use cybercrime as a source of funding for their government. Criminal groups thrive in African and eastern European countries where they can easily pay off local officials and law enforcement for immunity from prosecution. The theft is from “rich” countries, so the cyber-criminals in poor countries are treated like Robin Hood. Cyber criminals are also at work in the United States. Cybercrime efforts are well funded from other criminal enterprises. Organized crime has entered cybercrime as a new source of revenue and profits as other sources of revenue, like gambling and marijuana sales, are being legalized. Relatively easy to start, hard to prosecute, and very lucrative, cyber-crime is primed for rapid growth.
Social Engineering has emerged as one of the fastest growing threats facing businesses today. Driven by Voice over Internet Protocol (VoIP) phones, cheap and fast internet around the world, and vast data sources of information, criminal enterprises are starting to use advanced marketing practices to target businesses.
The series of blog posts will focus on specific social engineering strategies we have identified that criminals use to gain access to the resources they are interested in.
Click HERE for more information on Social Engineering.